compile_et: Don't overflow input file buffer

Don't overlow the buffer that's used for the input filename by
copying in to much with sprintf. Use asprintf to dynamically
allocate a buffer instead.

Link roken for rk_asprintf where needed.

Build compile_et with libtool, to ensure that it is linked statically,
as is needed for build tools such as compile_et.  (This requires
a preceding change to set a buildtool_roken make variable.)

Caught by coverity (#985907)

Change-Id: I207dd2c49bcae3f04fa41c826b08a0a615d5f422
Reviewed-on: http://gerrit.openafs.org/9545
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>

diff --git a/src/comerr/Makefile.in b/src/comerr/Makefile.in
index 6997c89..b94f1c6 100644 (file)
--- a/src/comerr/Makefile.in
+++ b/src/comerr/Makefile.in
@@ -38,9 +38,9 @@ et_lex.lex.c: et_lex.lex.l
 compile_et:    compile_et.o error_table.o
        $(Q)case $(SYS_NAME) in \
        *_linux* | *_umlinux* | *_darwin* ) \
-       $(AFS_LDRULE_NOQ) compile_et.o error_table.o -L${TOP_LIBDIR} -lopr;; \
+       $(LT_LDRULE_static_NOQ) compile_et.o error_table.o -L${TOP_LIBDIR} -lopr $(buildtool_roken) $(MT_LIBS);; \
        * ) \
-       $(AFS_LDRULE_NOQ) compile_et.o error_table.o -L${TOP_LIBDIR} -lopr -ll;; \
+       $(LT_LDRULE_static_NOQ) compile_et.o error_table.o -L${TOP_LIBDIR} -lopr -ll $(buildtool_roken) $(MT_LIBS);; \
        esac
 
 libafscom_err.a: $(LT_objs)

diff --git a/src/comerr/compile_et.c b/src/comerr/compile_et.c
index 87e000e..e5b780c 100644 (file)
--- a/src/comerr/compile_et.c
+++ b/src/comerr/compile_et.c
@@ -117,7 +117,6 @@ static const char msf_warning[] =
 char c_file[MAXPATHLEN];       /* output file */
 char h_file[MAXPATHLEN];       /* output */
 char msf_file[MAXPATHLEN];
-char et_file[MAXPATHLEN];      /* full path to input file */
 
 static void
 usage(void)
@@ -142,6 +141,7 @@ int
 main(int argc, char **argv)
 {
     char *p, *ename;
+    char *et_file;
     char const *const *cpp;
     int got_language = 0;
     char *got_include = 0;
@@ -314,7 +314,10 @@ main(int argc, char **argv)
        filename = p;
     }
 
-    sprintf(et_file, "%s/%s", got_prefix, filename);
+    if (asprintf(&et_file, "%s/%s", got_prefix, filename) < 0) {
+       fprintf(stderr, "Couldn't allocate memory for filename\n");
+       exit(1);
+    }
 
     yyin = fopen(et_file, "r");
     if (!yyin) {
@@ -322,6 +325,8 @@ main(int argc, char **argv)
        exit(1);
     }
 
+    free(et_file);
+
     /* on NT, yyout is not initialized to stdout */
     if (!yyout) {
        yyout = stdout;